CVE-2013-2069

Published: May 29, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/

x_refsource_CONFIRM

60119

vdb-entry

x_refsource_BID

redhat-cve20132069-livecd-security-bypass(84488)

vdb-entry

x_refsource_XF

[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=964299

x_refsource_CONFIRM

RHSA-2013:0849

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-2069

Description

Affected Products

References